A military perspective on cyber security
This is a working document for presentation to cyber security professionals concerning a tactical mindset for securing cyberspace within organizations. It is high level; case studies and more content are to come in Dec 2010 for the European, UK and German presentations. Feel free to respond and add to the brief. Requires notes.

Comments

  • The presentation went 1 hour 15 minutes. Notes can be provided.

A military perspective on cyber security Presentation Transcript

  • 1. A Military Perspective on Cyber Security
    “Not a Paradigm Shift, Just a Tactical Approach”
    Joey Hernandez CISSP
  • 2. Topic
    Background
    The Change
    Center of Gravity Rings
    Principles of War
    Contested Commons
    Your Turn
  • 3. Background
    Elevated age in cyber warfare
    Malware has become focused
    SCADA Systems (Stuxnet)
    Malware performs Operational Preparation of the Environment (OPE)
    Conficker (Millions still infected)
    Ransomware
    Data is being held hostage
    The advanced capability of the threat has increased the risk.
    Understanding the risk allows employment of defensive measures to decrease the risk – “Risk will always be present”
  • 4. The Change
    Combined capabilities have helped attackers create weapon systems
    Soldier + Rifle + Bullets = a weapon system
    Cyber
    State sponsored, script kiddies, paid staff
    Laptop, desktop, mobile devices
    Metasploit, BackTrack, PoisonIvy, MPack, other RATs
    Hacker + Laptop + Metasploit = Weapon System
    Attackers, adversaries and cyber terrorists are now employing TTPs
  • 5. Warden's Rings
    The focus is to attack Centers of Gravity
    The Estonian attacks
    Utilized TTPs
    Rings
    Leadership (Defaced Ministry of Defense, Finance, etc)
    Organic/System Essentials
    Infrastructure (DDoS against ISP and Wardialing to lock up POTS network)
    Population (News Media)
    Fielded Military Forces
    Inside Out Attack Methodology For Kinetic Warfare
  • 6. Cyber
    Population attacks cascade the ring
    System essential attacks on services (e.g. supply chain, food, FedEx) feed the rings in both directions
    Infrastructure attacks feed the rings in both directions
    Leadership focus elevates the nature of the actions
    “Defense measures must ensure protection of systems first and population foremost”
  • 7. Countering Principles of War
    Raising perceptions of attacks guarantees an elevated perspective.
    Proactive approaches that provide defense in depth reduce risk to all Centers of Gravity
    NOT immediately achievable, requires buy-in
  • 8. Principle 1
    Objective: Direct every operation towards a clearly defined, decisive, and attainable objective.
    Security
    Create policy & directives that are concise, fed from leadership, and enhance current capabilities.
    Defense
    Institutionalize SOP creating a path to obtainable objectives
  • 9. Principle 2
    Offensive: Seize, retain, and exploit the initiative
    Cyber Security personnel must have all tools required to respond to incidents or events when presented, enabling decisive results
    Immediate knowledge of events through proactive measures:
    Proactive research
    International teams of trust
    Reverse engineering of “current” malicious code
    Pentesting with seized exploits ensures preparedness
    Exercise routinely against new threats
    Exploitation allows establishing operational tempo for defensive and counter operations.
  • 10. Principle 3
    Economy of Force: Allocate minimum essential combat power to secondary efforts.
    Cyber Security staff should only be allocated tasks relating to protection of the grid and its associated systems
    Minimize external tasks not associated with Cyber Security
    “Employ” others to do password resets, maintenance, and support
    Discriminate whenever possible!
    Identify and prioritize cyber assets and assign coverage accordingly
  • 11. Principle 4
    Mass: Concentrate combat power at the decisive place and time.
    Sustain with technology, resolve with Mass – Use Crisis action teams, leverage distributed knowledge
    “Get there first with the most”.
    The dynamic nature of Cyber Space allows you to employ mass globally with centralized control
    Convene and delegate
    Ensure communication is continuous
    If possible (Make possible) Disarm the attacker
    Block/mitigate the adversaries' ability to maneuver, a virtual arm bar
    Remain focused on protection
  • 12. Principle 5
    Surprise: Strike the enemy at a time, place, or manner for which they are unprepared.
    Always expect it!
    Trust but verify – if the network is quiet, lower thresholds to find hidden traffic
    Use the time to develop out-of-the-box operating procedures and TTPs
    Always expect it!
  • 13. Principle 6
    Maneuver: Place the enemy in a position of disadvantage through flexible application of combat power
    Gain an advantage in positioning by training and certifying defense crews
    Exercising as a team places the adversary in a position of disadvantage
    Train as a group to flexibly protect, respond, and mitigate attacks
    Leverage internal and external trusted SME capabilities
  • 14. Principle 7
    Unity of Command: For every objective, ensure unity of effort under one responsible commander.
    A single leader should provide direction and coordination for crews ensuring comprehensive objectives.
    Alignment facilitates communication for mission/common objective
    Each task presented should have ownership and custodial characteristics for members of the crew
    Ideas & Solutions
    Preferred collective
    Collective not required
  • 15. Principle 8
    Security: Never permit the enemy to acquire an unexpected advantage.
    Protect and preserve defense measures, procedures and capabilities from the eyes of the adversary.
    Security exertion minimizes attack vectors
    Understand the capabilities and limiting factors of your people – “provides for a clearer situational awareness”
  • 16. Principle 9
    Simplicity: Prepare clear, uncomplicated plans and concise orders to ensure thorough understanding.
    Concise plans and orders minimize the chance for mistakes.
    The degree of operational simplicity results from experience, training, empowerment and institutionalized processes.
    Simplicity in Cyber Operations is an art of balance
    Open lines of communication, local and global, support simplicity
  • 17. Contested Commons
    It is Global: Maritime, Air, Space, Cyber
    Relied upon for business globalization
    More nations, organizations, economies at risk
    Rapid capability development, sluggish legal and global agreement on how to “Address Cyber Attacks”
    Russia & China created No CY Zones
    Some believe there is “No Cyber War”
    Ask Estonia, Brazil, Canada, South Africa, Malaysia
  • 18. Your Turn
    Train & Exercise your crews as a team
    Open lines of communication
    Think strategically, act locally
    Be proactive, make quick fixes, and turn best practice into TTPs
    Be paranoid, suspicious and know your adversaries
    Build your trusted crisis network
    Plan for events
    Clear the fog
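Slide 12 advises lowering detection thresholds when the network is quiet so that low-volume traffic hidden under busy-hour thresholds becomes visible. The following is an added worked example of that idea and is not part of the deck or the speaker's material: it scales a per-host outbound-bytes alert bar down in proportion to how quiet the window is (never below a floor), and separately looks for the regular, near-identical flows to one destination that a fixed busy-hour bar would miss. The flow records, baseline volumes, thresholds and host names are constructed assumptions for illustration.

```python
"""Adaptive quiet-hour threshold check (added example; constructed data)."""
from collections import defaultdict
from statistics import mean

# Constructed baseline parameters (assumptions, not from the deck).
BUSY_HOUR_TOTAL_BYTES = 2_000_000_000   # typical outbound volume in a busy hour
BUSY_HOUR_HOST_THRESHOLD = 5_000_000    # per-host alert bar tuned for busy hours
FLOOR_BYTES = 20_000                    # never lower the bar below this

# Constructed flow records for one quiet hour: (src_host, dst_ip, bytes_out).
QUIET_HOUR_FLOWS = [
    ("ws-17", "203.0.113.9", 48_000),
    ("ws-17", "203.0.113.9", 47_500),
    ("ws-17", "203.0.113.9", 48_200),
    ("ws-04", "198.51.100.2", 2_100),
    ("srv-mail", "192.0.2.7", 9_800),
]


def per_host_outbound(flows):
    """Sum outbound bytes per source host."""
    totals = defaultdict(int)
    for src, _dst, nbytes in flows:
        totals[src] += nbytes
    return dict(totals)


def window_threshold(total_bytes):
    """Scale the busy-hour per-host bar down in proportion to how quiet the
    window is relative to the busy-hour baseline, but never below FLOOR_BYTES.
    A window as busy as the baseline (or busier) keeps the normal bar."""
    ratio = min(1.0, total_bytes / BUSY_HOUR_TOTAL_BYTES)
    return max(FLOOR_BYTES, BUSY_HOUR_HOST_THRESHOLD * ratio)


def flag_hosts(flows, adaptive=True):
    """Hosts whose outbound volume exceeds the bar for this window.
    With adaptive=False the fixed busy-hour bar is used, for comparison."""
    totals = per_host_outbound(flows)
    bar = window_threshold(sum(totals.values())) if adaptive else BUSY_HOUR_HOST_THRESHOLD
    return sorted(host for host, nbytes in totals.items() if nbytes > bar)


def regular_flows(flows, min_count=3, tolerance=0.05):
    """(src, dst) pairs with at least min_count flows whose sizes all sit within
    `tolerance` of their mean: the kind of small, repetitive traffic that
    only stands out once the surrounding noise is gone."""
    sizes = defaultdict(list)
    for src, dst, nbytes in flows:
        sizes[(src, dst)].append(nbytes)
    hits = []
    for pair, values in sizes.items():
        if len(values) < min_count:
            continue
        avg = mean(values)
        if all(abs(v - avg) <= tolerance * avg for v in values):
            hits.append(pair)
    return sorted(hits)


if __name__ == "__main__":
    print("fixed bar flags   :", flag_hosts(QUIET_HOUR_FLOWS, adaptive=False))
    print("adaptive bar flags:", flag_hosts(QUIET_HOUR_FLOWS))
    print("regular flows     :", regular_flows(QUIET_HOUR_FLOWS))
```

On the constructed hour the fixed 5 MB bar flags nothing, while the scaled bar drops to the 20 KB floor and surfaces ws-17, whose three near-identical flows to one address also trip the regularity check. The floor matters: without it the bar would shrink to a few hundred bytes and every host would alert, which is the false-positive cost the slide's "trust but verify" is balancing against.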